Title: Bad nginx rules
Last modified: August 22, 2016

---

# Bad nginx rules

 *  [msousa](https://wordpress.org/support/users/msousa/)
 * (@msousa)
 * [11 years, 6 months ago](https://wordpress.org/support/topic/bad-nginx-rules/)
 * The nginx rules for suspicious sites cause all requests to be accepted due to
   a possible logic error.
 * The problem lies in the whitelisting, where the match is by not-match (last
   6 matches).
 * For example, all requests that don’t match loggedout=true are allowed, instead of
   requests that match loggedout=true.
 * Generated rules:

   ```nginx
   # Rules to block suspicious URIs
   set $susquery 0;
   if ($args ~* "\.\./") { set $susquery 1; }
   if ($args ~* "\.(bash|git|hg|log|svn|swp|cvs)") { set $susquery 1; }
   if ($args ~* "etc/passwd") { set $susquery 1; }
   if ($args ~* "boot.ini") { set $susquery 1; }
   if ($args ~* "ftp:") { set $susquery 1; }
   if ($args ~* "http:") { set $susquery 1; }
   if ($args ~* "https:") { set $susquery 1; }
   if ($args ~* "(<|%3C).*script.*(>|%3E)") { set $susquery 1; }
   if ($args ~* "mosConfig_[a-zA-Z_]{1,21}(=|%3D)") { set $susquery 1; }
   if ($args ~* "base64_encode") { set $susquery 1; }
   if ($args ~* "(%24&x)") { set $susquery 1; }
   if ($args ~* "("|'|<|>|\|{|||%24&x)"){ set $susquery 1; }
   if ($args ~* "(127.0)") { set $susquery 1; }
   if ($args ~* "(globals|encode|localhost|loopback)") { set $susquery 1; }
   if ($args ~* "(request|insert|concat|union|declare)") { set $susquery 1; }
   if ($args !~ "^loggedout=true"){ set $susquery 0; }
   if ($args !~ "^action=jetpack-sso"){ set $susquery 0; }
   if ($args !~ "^action=rp"){ set $susquery 0; }
   if ($http_cookie !~ "^.*wordpress_logged_in_.*$"){ set $susquery 0; }
   if ($http_referer !~ "^http://maps.googleapis.com(.*)$"){ set $susquery 0; }
   if ($susquery = 1) { return 403; }
   ```

 * [https://wordpress.org/plugins/better-wp-security/](https://wordpress.org/plugins/better-wp-security/)
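
The logic error reported in this thread, replayed in an added Python model (not the plugin's code and not an nginx implementation): it walks a rule chain in the same top-to-bottom order nginx evaluates consecutive `if` blocks, using a constructed subset of the generated rules, and compares the `!~` allow-list as generated with the same list flipped to a positive `~` match. The `Rule`, `evaluate` and `blocked` helpers and the sample requests are constructed for this example.

```python
import re
from typing import NamedTuple

class Rule(NamedTuple):
    field: str        # request field the nginx `if` tests: args, http_cookie, http_referer
    pattern: str      # regex, copied as written in the generated config
    negate: bool      # True models nginx `!~`, False models `~` / `~*`
    ignorecase: bool  # True models `~*`
    value: int        # what `set $susquery` assigns when the condition holds

def evaluate(rules, request):
    """Return the final $susquery after every rule has run in order (nginx semantics)."""
    susquery = 0
    for r in rules:
        flags = re.IGNORECASE if r.ignorecase else 0
        matched = re.search(r.pattern, request.get(r.field, ""), flags) is not None
        if matched != r.negate:  # `~` fires on a match, `!~` fires on a non-match
            susquery = r.value
    return susquery

# Detection rules: a subset of the plugin's generated block, constructed for this example.
BLOCK = [
    Rule("args", r"\.\./", False, True, 1),
    Rule("args", r"etc/passwd", False, True, 1),
    Rule("args", r"(request|insert|concat|union|declare)", False, True, 1),
]
# Allow-list exactly as generated: `!~` resets $susquery for every request that does NOT match,
# and since no single request can match all five patterns, every request ends at 0.
ALLOW_AS_GENERATED = [
    Rule("args", r"^loggedout=true", True, False, 0),
    Rule("args", r"^action=jetpack-sso", True, False, 0),
    Rule("args", r"^action=rp", True, False, 0),
    Rule("http_cookie", r"^.*wordpress_logged_in_.*$", True, False, 0),
    Rule("http_referer", r"^http://maps.googleapis.com(.*)$", True, False, 0),
]
# The intended sense: only a request that DOES match an allow pattern is exempted.
ALLOW_INTENDED = [r._replace(negate=False) for r in ALLOW_AS_GENERATED]

def blocked(allow_rules, request):
    """True when the chain would hit `if ($susquery = 1) { return 403; }`."""
    return evaluate(BLOCK + allow_rules, request) == 1

# Constructed sample requests: a traversal attempt in a query string, and a normal logout.
SUSPICIOUS = {"args": "file=../../etc/passwd", "http_cookie": "", "http_referer": ""}
LOGOUT = {"args": "loggedout=true", "http_cookie": "", "http_referer": ""}

if __name__ == "__main__":
    for name, allow in (("generated", ALLOW_AS_GENERATED), ("intended", ALLOW_INTENDED)):
        print(f"{name}: blocks suspicious={blocked(allow, SUSPICIOUS)}"
              f" blocks logout={blocked(allow, LOGOUT)}")
```

With the generated list the suspicious request is never blocked; with the positive-match list it is, while the logout request still passes.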

The topic ‘Bad nginx rules’ is closed to new replies.


## Tags

 * [nginx](https://wordpress.org/support/topic-tag/nginx/)

 * 0 replies
 * 1 participant
 * Last reply from: [msousa](https://wordpress.org/support/users/msousa/)
 * Last activity: [11 years, 6 months ago](https://wordpress.org/support/topic/bad-nginx-rules/)
 * Status: not resolved